← Back to context

Comment by polycaster

4 years ago

That seems a bit far fetched.

Not sure why that's more odd than other crazy fingerprinting techniques actually in use. Keep in mind no midi devices would need to be present for fingerprinting. Different failure modes, etc.

Especially in the porn industry where the end users are likely using incognito mode or a VPN.

  • I still don't understand how WebMIDI would be used for fingerprinting of the vast majority of users who don't have any MIDI devices connected to their machine.

    • Here's a jsfiddle: https://jsfiddle.net/wj69s4fh/

      I get different types of failures and messages from different versions of Chrome, Firefox, and IE. None of which have any midi devices. Those errors, or the structure of the resulting object if it succeeds, are all fingerprint inputs.

      1 reply →

    • I would guess quite a few browsers or operating systems would implement at least one virtual MIDI device, so that sites wanting to play MIDI would work. Those virtual devices wouldn’t all be identical.

    • It might be a way to detect bots, even on headless browsers, that pretend to be Chrome but don’t implement the MIDI api. I’m sure crawlers are the bane of the porn industry.

    • It takes almost no work to check all available browser context, once you check for some of it.